spec/integration_spec.rb in mrjoy-bundler-audit-0.3.2 vs spec/integration_spec.rb in mrjoy-bundler-audit-0.3.3

- old
+ new

@@ -1,66 +1,81 @@ require 'spec_helper' describe "CLI" do - let(:directory) { File.join('spec','bundle',bundle) } + include Helpers - context "when auditing a vulnerable bundle" do + let(:command) do + File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundle-audit')) + end + + context "when auditing a bundle with unpatched gems" do let(:bundle) { 'unpatched_gems' } + let(:directory) { File.join('spec','bundle',bundle) } - it "should print advisory information for the vulnerable gems" do - output = audit_in_directory "", directory, :fail => true - # Doing this so we can get an exact count on the number of - # vulnerabilities we should match with the regex below. - vuln_count = output.split(/Name:/).length - 1 # Less one for the - # zero-width prefix before - # the first match. + subject do + Dir.chdir(directory) { sh(command, :fail => true) } + end - # Note the "{vuln_count}" below indicates the minimum number of - # advisories that we should see matches for -- as a particular version of - # code will never + it "should print a warning" do + subject.should include("Unpatched versions found!") + end + + it "should print advisory information for the vulnerable gems" do advisory_pattern = /(Name: [^\n]+ -Version: \d+\.\d+\.\d+ +Version: \d+.\d+.\d+ Advisory: OSVDB-\d+ Criticality: (High|Medium) -URL: http:\/\/(direct\.|www\.)?osvdb\.org\/show\/osvdb\/\d+ -Title: [^\n]+ -Solution: upgrade to ((~>|=>|>=) \d+\.\d+\.\d+, )*((~>|=>|>=) \d+\.\d+\.\d+)[\s\n]*?){#{vuln_count}}/ - expect(vuln_count).to be >= 8 # As of 2013-11-04, this bundle turns up 8 - # vulns. That could increase over time of - # course. - expect(output).to match(advisory_pattern) - expect(output).to include("Unpatched versions found!") +URL: http:\/\/(direct|www\.)?osvdb.org\/show\/osvdb\/\d+ +Title: [^\n]*? 
+Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/ + + expect(subject).to match(advisory_pattern) + expect(subject).to include("Unpatched versions found!") end end context "when auditing a bundle with ignored gems" do let(:bundle) { 'unpatched_gems' } + let(:directory) { File.join('spec','bundle',bundle) } - it "should not print advisory information for ignored gem" do - output = audit_in_directory "-i OSVDB-89026", directory, :fail => true + let(:command) do + File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundle-audit -i OSVDB-89026')) + end - expect(output).to_not include("OSVDB-89026") + subject do + Dir.chdir(directory) { sh(command, :fail => true) } end + + it "should not print advisory information for ignored gem" do + subject.should_not include("OSVDB-89026") + end end context "when auditing a bundle with insecure sources" do let(:bundle) { 'insecure_sources' } + let(:directory) { File.join('spec','bundle',bundle) } + subject do + Dir.chdir(directory) { sh(command, :fail => true) } + end + it "should print warnings about insecure sources" do - output = audit_in_directory "", directory, :fail => true - expect(output).to include(%{ + subject.should include(%{ Insecure Source URI found: git://github.com/rails/jquery-rails.git Insecure Source URI found: http://rubygems.org/ }.strip) end end - context "when auditing a secure bundle" do let(:bundle) { 'secure' } + let(:directory) { File.join('spec','bundle',bundle) } + subject do + Dir.chdir(directory) { sh(command) } + end + it "should print nothing when everything is fine" do - output = audit_in_directory "", directory - expect(output.strip).to eq "No unpatched versions found" + subject.strip.should == "No unpatched versions found" end end end
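Review bot: The new `advisory_pattern` checks less than it appears to. The dots in `Version: \d+.\d+.\d+` and `osvdb.org` are unescaped and match any character, and the closing `)+` requires only one advisory block to match, so malformed output for the other advisories of this security report would still pass. Escaping them as `Version: \d+\.\d+\.\d+` and `URL: http:\/\/(direct\.|www\.)?osvdb\.org\/show\/osvdb\/\d+` ties the assertion to the real format. As written, `(direct|www\.)?` also cannot match a `direct.osvdb.org` URL, because the dot after `direct` is no longer inside the group. The Solution alternation `(~>|=>)` no longer accepts `>=`; whether the tool ever prints that operator is not visible in this hunk, so it is worth confirming before relying on the `+` quantifier to hide a mismatch.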